With the CORS (Cross-Origin Resource Sharing) policy, the client and the gateway can exchange HTTP messages securely by means of headers.
For example, in a library web service an anonymous user cannot delete a book with the DELETE method but can call the book list with the GET method, while a library employee can use all the methods in the web service. In such a scenario, CORS can be used to restrict HTTP methods.
To add a CORS policy, fill in the fields in the CORS window. These fields are described below.
Table: CORS Fields
If you want to add a global policy, the name information is entered.
A description can be entered to make policy selections easier.
These fields are not mandatory when creating a CORS policy.
The origin (domain, protocol, port) information to which the preflight request was sent. Example: http://foo.example
The HTTP method of the preflight request and the original request. Example: POST
The HTTP headers of the preflight request and the original request. Example: X-PINGOTHER, Content-Type
The fields in this section are the permissions granted so that the client can send the actual request.
The value of the origins allowed by the gateway is entered. If you enter the * character, all origins will be allowed.
The value of whether or not credentials are present in the original request is entered. Example: true
Other headers that clients can access are entered. Example: My-Custom-Header, Another-Custom-Header
The number of seconds that the request will remain in the browser is entered.
The methods allowed by the gateway are selected.
Access Control-Allow Headers
The header values allowed by the gateway are entered.
Error Message Customization
Enter the Error Code and Error Message that you want to customize for this policy.
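The following added example (not the gateway's own code) sketches how a preflight request could be evaluated against the allowed origins, methods, headers, credentials and max-age fields described above. The policy property names, the max-age value and the choice to fail closed when * is combined with credentials are assumptions made for illustration.

```javascript
// Added example: the policy field names below are assumptions, not the gateway's own keys.
const policy = {
  allowOrigins: ["http://foo.example"],   // "*" would allow every origin
  allowMethods: ["GET", "POST"],          // DELETE is deliberately not listed
  allowHeaders: ["X-PINGOTHER", "Content-Type"],
  allowCredentials: true,
  maxAge: 600,                            // seconds (constructed value)
};

// Constructed preflight request headers (names lower-cased).
const samplePreflight = {
  "origin": "http://foo.example",
  "access-control-request-method": "POST",
  "access-control-request-headers": "X-PINGOTHER, Content-Type",
};

// Returns the CORS response headers for a preflight (OPTIONS) request,
// or null when the policy does not permit the announced request.
function evaluatePreflight(policy, req) {
  const origin = req["origin"];
  const method = req["access-control-request-method"];
  if (!origin || !method) return null;    // not a CORS preflight

  const wildcard = policy.allowOrigins.includes("*");
  // Browsers refuse "*" for credentialed requests, so this sketch fails closed.
  if (wildcard && policy.allowCredentials) return null;
  // Exact string match only: no prefix, suffix or substring matching.
  if (!wildcard && !policy.allowOrigins.includes(origin)) return null;
  if (!policy.allowMethods.includes(method)) return null;

  // Header names are case-insensitive; every requested header must be allowed.
  const allowed = policy.allowHeaders.map((h) => h.toLowerCase());
  const requested = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!requested.every((h) => allowed.includes(h))) return null;

  const res = {
    "Access-Control-Allow-Origin": wildcard ? "*" : origin,
    "Access-Control-Allow-Methods": policy.allowMethods.join(", "),
    "Access-Control-Allow-Headers": policy.allowHeaders.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
  };
  if (!wildcard) res["Vary"] = "Origin";  // response depends on the Origin header
  if (policy.allowCredentials) res["Access-Control-Allow-Credentials"] = "true";
  return res;
}
```

CORS headers are enforced by the browser, so the DELETE restriction in the library scenario still needs an authorization check on the gateway or backend for clients that are not browsers.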